MalwareTech

With the exception of a few unconfirmed reports of Dridex targeting Baltic countries (which doesn’t make much sense economically), infection campaigns have ceased since mid-August, when Dridex briefly resumed spreading to propagate multiple new botnets aimed at Switzerland. This morning […]

It would seem that David Cameron doesn’t have a tech advisor or even know anyone who uses a browser other than Netscape, but that doesn’t seem to stop him with his endless stream of proposals and laws to govern our internet. The […]

When I was contacted asking for a comment about the darkode raid, I’d said that the main administrator was not arrested and that I’d be surprised if it wasn’t back within a week; well, it’s been a little more than […]

As the past has shown us, cybercriminals are not the most trustworthy people when it comes to holding valuable sources, and it looks like we’re about to get another reminder of that, this time with an exploit pack leak. RIG […]

For the 10 of you who don’t know, darkode was one of the most active English-speaking “underground” cybercrime boards. The forum was started around 2009 by a coder named “Iserdo” and gained popularity off the back of Iserdo’s bot, “Butterfly […]

As I said in the last part of the analysis the sample I had was just a test binary, but now I have some real ones thanks to some help from @Xylit0l. The new binaries incorporate some much more interesting […]

Phase Bot is a fileless rootkit that went on sale during late October; the bot is fairly cheap ($200) and boasts features such as formgrabbing, FTP stealing, and of course the ability to run without a file. The bot has […]

If you’ve been in a coma for the past week, MS14-066 (CVE-2014-6321) is a TLS heap overflow vulnerability in Microsoft’s schannel.dll, which can result in denial of service and even remote code execution on Windows systems (the bug is exploitable during […]

It would seem the FBI is cracking down on cybercrime (well, script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems that the raids […]

Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores components on a virtual filesystem outside […]